Malspam campaigns target business users with Hawkeye keylogger

Researchers from IBM X-Force have observed malspam campaigns targeting business users with the Hawkeye keylogger malware during the last two months.

The targeted industries include transportation and logistics, healthcare, import and export, marketing, agriculture, and others.

The big picture

The malspam campaigns distribute Hawkeye keyloggers to steal account credentials and sensitive data from business users, which can later be used in BEC scams and account takeover attacks.

  • Attackers behind this campaign were found to be using spam servers located in Estonia.
  • The malspam emails purported to come from Spanish banks and legitimate companies.
  • The emails include malicious attachments that contain fake commercial invoices.
  • Upon opening the malicious invoice, HawkEye Reborn v8.0 or HawkEye Reborn v9.0 is dropped on the victim’s machine while the commercial invoice image is displayed on screen.
  • To infect the victims with the Hawkeye keylogger, an mshta.exe binary is dropped by PhotoViewer when the victim tries to open the fake invoice.
  • This binary will use PowerShell to communicate with the C&C server and drop additional malware payloads.
  • Hawkeye keylogger malware gains persistence on the compromised system with the help of an AutoIt script in the form of an executable named gvg.exe.
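
The process chain in the list above, expressed as detection logic over process-creation events. This is an added example, not code from IBM X-Force or the original article. The event records, file paths and the `PhotoViewer.exe` image name are constructed assumptions; only mshta.exe, PowerShell and gvg.exe come from the text.

```python
import ntpath  # Windows path handling that works on any OS

# Constructed process-creation events (the shape of Sysmon Event ID 1 data).
# Paths and the PhotoViewer.exe image name are assumptions for illustration.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Program Files\Viewer\PhotoViewer.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Users\u\AppData\Local\Temp\mshta.exe"},
    {"pid": 230, "ppid": 220,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 240, "ppid": 230, "image": r"C:\Users\u\AppData\Roaming\gvg.exe"},
    # Benign control: PowerShell started from the desktop shell.
    {"pid": 300, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

# Directories where the legitimate mshta.exe normally lives.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

def base(path):
    return ntpath.basename(path).lower()

def detect(events):
    """Return (pid, rule) pairs for events matching the chain in the article."""
    by_pid = {e["pid"]: e for e in events}  # real telemetry must handle PID reuse
    hits = []
    for e in events:
        name = base(e["image"])
        parent = by_pid.get(e["ppid"])
        pname = base(parent["image"]) if parent else ""
        if name == "mshta.exe":
            # Image viewer launching mshta.exe (parent name match is an assumption).
            if "photoviewer" in pname:
                hits.append((e["pid"], "mshta_from_photoviewer"))
            # A dropped copy runs from outside the Windows system directories.
            if ntpath.dirname(e["image"]).lower() not in SYSTEM_DIRS:
                hits.append((e["pid"], "mshta_outside_system_dir"))
        elif name == "powershell.exe" and pname == "mshta.exe":
            hits.append((e["pid"], "powershell_from_mshta"))
        elif name == "gvg.exe":
            hits.append((e["pid"], "gvg_exe_seen"))
    return hits

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(pid, rule)
```
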

“Samples we checked reached users in Spain, the US, and the United Arab Emirates for HawkEye Reborn v9. HawkEye v8 focused on targeting users in Spain,” IBM X-Force researchers said.

Researchers also observed another malspam campaign launched from a server in Turkey between February 11, 2019, and March 3, 2019. This campaign used similar attack patterns, with emails dropping malware payloads disguised as commercial invoices.

Hawkeye keylogger

The HawkEye keylogger malware has been in development since about 2013, with the malware authors adding a multitude of new features and modules to enhance its capabilities.

“HawkEye is designed to steal information from infected devices, but it can also be used as a loader, leveraging its botnets to fetch other malware into the device as a service for third-party cybercrime actors,” researchers said.
